The number of reported phishing cases has been increasing, and there are growing instances of firms being tricked into clicking on malicious links and transferring funds, Anthony Hess, head of incident response at CFC Underwriting, told Insurance Business.
Studies suggest that around 95% of cyber security incidents are caused by phishing emails, and companies and their employees face phishing attempts on a daily basis.
“Staff are really up against it because they’re being actively targeted. Emails are becoming more sophisticated – you no longer see bad spelling or grammatical errors,” Stephen Burke, co-founder and CEO of Cyber Risk Aware, said.
The two companies have joined forces to provide CFC’s insurance customers with free phishing simulation tools, developed by Cyber Risk Aware, as an additional benefit to their policies. The tools help businesses to educate employees by sending fake phishing emails and providing feedback that can be used to develop training.
“The product helps companies create a human firewall – a network of human sensors,” Burke explained. “By simulating a range of phishing attacks on their staff, whether it be ransomware, CEO fraud, or spear-phishing attacks on senior executives, companies are able to assess their level of risk very quickly, and see where there are gaps in awareness.”
Phishing attempts are becoming more and more common, and insurers are seeing claims flood in. CFC’s Hess warned that the MGA “sees these kinds of attacks all the time, and we see them succeeding.”
For many smaller businesses, resources and expertise are tight, but the impact of falling victim to an attack can be devastating.
“The main problem for SMEs is that they’re not necessarily technical companies,” Burke said. “They tend to have a jack-of-all-trades person who knows about IT, but not necessarily security. This is why companies like CFC are really helping in that sector, by giving them a level of maturity without them having to hire specifically for it.”
As for the top tips in spotting a phishing email, Burke pointed out a number of tell-tale signs to look out for: check the email address that the message has been sent from, whether it looks like the right domain and whether the reply-to address matches up; watch out for emotive language or demands, which are often used in attempts at CEO fraud; be wary of opening links contained within emails – hover your mouse over them and look at the address before clicking; and don’t “blindly” open attachments, downloading and running them through a virus scanner instead.
Lastly, if in doubt, go old school and pick up the phone to check that the email really is from the claimed sender.
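The sender, reply-to, wording and link checks Burke lists can also be automated in a mail filter; the sketch below is an added example, not code from Cyber Risk Aware or CFC. The sample message, the `.test` domains, the keyword list and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = ("urgent", "immediately", "wire transfer")  # assumed word list
SAMPLE = """\
From: "Jane Doe, CEO" <jane.doe@examp1e-corp.test>
Reply-To: jane.doe@mailbox.test
Subject: Urgent payment
Content-Type: text/html

<p>Pay today: <a href="http://login.payments.test/x">www.example-corp.test/invoices</a></p>
"""  # constructed message, not real mail

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw, expected_domain):
    msg, signs = message_from_string(raw), []
    body, from_dom = msg.get_payload(), domain(msg["From"])
    if from_dom != expected_domain:            # look-alike or wrong sender domain
        signs.append("from-domain")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        signs.append("reply-to-mismatch")
    if any(w in f'{msg["Subject"]} {body}'.lower() for w in URGENT):
        signs.append("urgent-language")
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:        # what "hovering" would reveal
        if "." in shown and " " not in shown:  # visible text looks like a URL
            shown_host = urlparse(shown if "//" in shown else "//" + shown).hostname
            if shown_host != urlparse(href).hostname:
                signs.append("link-mismatch")
    return signs
```

The sender check uses exact domain equality, so legitimate subdomains need to be added to the comparison before use; attachments are out of scope here and still belong in a virus scanner.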